Report - 14.139.85.170/evaluation/hms/student/index.php

Report Overview

Visited public
2024-07-18 08:54:09
Tags
URL
14.139.85.170/evaluation/hms/student/index.php
Finishing URL
14.139.85.170/evaluation/hms/student/index.php
IP / ASN
14.139.85.170
#55824 NKN Core Network
Title
Student Login

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-17 18:12:37	2.0 kB	5.3 kB	23.33.119.57
14.139.85.170	unknown	unknown	No data	No data	9.4 kB	823 kB	14.139.85.170
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-07-17 22:17:27	417 B	1.4 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-07-17 18:17:53	883 B	73 kB	142.250.74.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-18 08:53:36	low	14.139.85.170	Client IP	ETPRO HUNTING Suspicious Localhost SSL/TLS Certificate Observed
2024-07-18 08:53:36	low	14.139.85.170	Client IP	ETPRO HUNTING Suspicious Localhost SSL/TLS Certificate Observed

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed
2024-07-18	medium	14.139.85.170	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	From	Size	First Seen	Last Seen
	14.139.85.170/evaluation/hms/student/vendor/bootstrap/js/bootstrap.min.js	ScriptElement	36 kB	2023-03-07	2025-05-13
Pretty URL 14.139.85.170/evaluation/hms/student/vendor/bootstrap/js/bootstrap.min.js IP 14.139.85.170 ASN #55824 NKN Core Network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-13 10:46 Times Seen1128 Hash 2616d3564578d8f845813483352802a9 5ada7c103fc1deabc925cc1fdbbb6e451c21fc70 f971b901aeb9e55b07d472afee09bd5ae05159e1119dbd16d993e473565e7fc0 Loading...

	14.139.85.170/evaluation/hms/student/vendor/jquery-cookie/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-05-13
Pretty URL 14.139.85.170/evaluation/hms/student/vendor/jquery-cookie/jquery.cookie.js IP 14.139.85.170 ASN #55824 NKN Core Network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04 Last Seen2025-05-13 08:44 Times Seen461 Hash 34259e1b3697ec38ec1ad00f29c64305 351604db63ee52e784bbbbaa1f9d77c73620972f 5dcc1f650548dab92380f10aee2a8c4c878ece063b5d4201c1205b3a343f9a8b Loading...

	14.139.85.170/evaluation/hms/student/vendor/perfect-scrollbar/perfect-scrollbar.min.js	ScriptElement	9.5 kB	2023-03-09	2025-04-23
Pretty URL 14.139.85.170/evaluation/hms/student/vendor/perfect-scrollbar/perfect-scrollbar.min.js IP 14.139.85.170 ASN #55824 NKN Core Network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:42 Last Seen2025-04-23 00:15 Times Seen8 Hash 61599fe1fcd25312aaec6dcbf41838ea 74a9e6577a9fba4463148948e03dd70eb9853863 0a31c7f435826b0c167f1a6a62e90a00ee1aea89e349cf52fe092ae46ae5f91d Loading...

	14.139.85.170/evaluation/hms/student/vendor/jquery-validation/jquery.validate.min.js	ScriptElement	22 kB	2023-04-05	2025-05-13
Pretty URL 14.139.85.170/evaluation/hms/student/vendor/jquery-validation/jquery.validate.min.js IP 14.139.85.170 ASN #55824 NKN Core Network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 10:34 Last Seen2025-05-13 21:18 Times Seen778 Hash 6575852a4af3170a3855594124021413 52cf2d8beb90f42322631b345972f3fe87d3b545 6f7250dd7c3fd9f3bd2cdda1ce09481124ea4a4c88ace131424afa87673d142b Loading...

	14.139.85.170/evaluation/hms/student/assets/js/login.js	ScriptElement	3.6 kB	2023-03-10	2025-04-23
Pretty URL 14.139.85.170/evaluation/hms/student/assets/js/login.js IP 14.139.85.170 ASN #55824 NKN Core Network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 11:22 Last Seen2025-04-23 00:15 Times Seen5 Hash 5d9f54ce5dd26a5ea731a1e15705afea ab1061ffde53e0f5679dbd436f0bd4b08fefd3aa acd66521e5b1a20fe06e1e007f3b12924736c3c06cc5c22a990d24d07f916051 Loading...

	14.139.85.170/evaluation/hms/student/index.php	ScriptElement	0 B	0001-01-01	2025-05-14
Pretty URL 14.139.85.170/evaluation/hms/student/index.php IP 14.139.85.170 ASN #55824 NKN Core Network Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-14 04:27 Times Seen4677283 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	14.139.85.170/evaluation/hms/student/index.php	ScriptElement	0 B	0001-01-01	2025-05-14
Pretty URL 14.139.85.170/evaluation/hms/student/index.php IP 14.139.85.170 ASN #55824 NKN Core Network Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-14 04:27 Times Seen4677283 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	14.139.85.170/evaluation/hms/student/vendor/jquery/jquery.min.js	ScriptElement	96 kB	2023-03-07	2025-05-13
Pretty URL 14.139.85.170/evaluation/hms/student/vendor/jquery/jquery.min.js IP 14.139.85.170 ASN #55824 NKN Core Network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-05-13 16:37 Times Seen881 Hash eaec1712551cd2792f4607f39fab12e7 2439711705752fac5dd1a6a8d6b1be63ffcbc76d 746e54e89161118a67bd59103c4ab55e3060735cc85c1d047c2cf04d4b12043d Loading...

	14.139.85.170/evaluation/hms/student/vendor/modernizr/modernizr.js	ScriptElement	9.3 kB	2023-03-09	2025-04-23
Pretty URL 14.139.85.170/evaluation/hms/student/vendor/modernizr/modernizr.js IP 14.139.85.170 ASN #55824 NKN Core Network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:42 Last Seen2025-04-23 00:15 Times Seen5 Hash 0f5354dad5962fbf75dbca6acd279f31 b2633f308ecd271e35a31e0e8b1d93570320dba9 0bc21d537e9a144305487027daab56d5de191acde5617e6d8be2fd2d7314bb56 Loading...

	14.139.85.170/evaluation/hms/student/vendor/switchery/switchery.min.js	ScriptElement	20 kB	2023-03-09	2025-05-04
Pretty URL 14.139.85.170/evaluation/hms/student/vendor/switchery/switchery.min.js IP 14.139.85.170 ASN #55824 NKN Core Network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:42 Last Seen2025-05-04 12:55 Times Seen845 Hash e012dd16761095fa06f0c4d59c43517c 9b850cb5a20518a748bf1b65d102a8997ebd8ec6 7c997ee0c7f33415d86d84761983df8e82dd9f003b88f1353e5e99f0fbb89b4b Loading...

	14.139.85.170/evaluation/hms/student/assets/js/main.js	ScriptElement	15 kB	2023-07-15	2025-04-23
Pretty URL 14.139.85.170/evaluation/hms/student/assets/js/main.js IP 14.139.85.170 ASN #55824 NKN Core Network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-15 12:54 Last Seen2025-04-23 00:15 Times Seen5 Hash 7bedae02e1efb2b7a3cec4db3dfd4052 118e41d8ca78bb10ea7c99b5ecf10bb41d585589 2991988178c78a759aa527259bb5c2041b75004e5745cc4640dbd2282059a8db Loading...

HTTP Transactions (30)

URL IP Response Size

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
df85487917ffcb9ff9393daa9c628bc8
73e600fa168021b1cfd00f6a00dff1678e018aaa
c694b95afc4423cf3e039cea969256e7957ff30ee11fa6cd2c5432bd7b72686b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C694B95AFC4423CF3E039CEA969256E7957FF30EE11FA6CD2C5432BD7B72686B"
Last-Modified: Mon, 15 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2695
Expires: Thu, 18 Jul 2024 09:38:30 GMT
Date: Thu, 18 Jul 2024 08:53:35 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f5d61e015345f1d6e8a4ab6805f26f50
5e3929d1cfa9cf61ddcf3df75f9ae5902fa3c6ee
3a781ef35e2f1386215f140f851199c98fc01c4f137cc1f38192faa4a4e9106c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3A781EF35E2F1386215F140F851199C98FC01C4F137CC1F38192FAA4A4E9106C"
Last-Modified: Mon, 15 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2650
Expires: Thu, 18 Jul 2024 09:37:45 GMT
Date: Thu, 18 Jul 2024 08:53:35 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c827d32609521c1e56829aac4640ab87
f6721b2c6abc469be2b70d165a58c75d5637408d
a951edc9fce6d26583509aba1a0d759172986da854406dc2041f25dca4eb6798

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A951EDC9FCE6D26583509ABA1A0D759172986DA854406DC2041F25DCA4EB6798"
Last-Modified: Mon, 15 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3040
Expires: Thu, 18 Jul 2024 09:44:15 GMT
Date: Thu, 18 Jul 2024 08:53:35 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
d69acaa73161ea261cea420c9548c854
1f7cab04c4264ca503bb3e2d8f1d838c226f35c2
e4e3975a941c93fda56279b3918d81448b74cd06d2a2bd0280dbcf8e58712c1d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E4E3975A941C93FDA56279B3918D81448B74CD06D2A2BD0280DBCF8E58712C1D"
Last-Modified: Mon, 15 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2744
Expires: Thu, 18 Jul 2024 09:39:19 GMT
Date: Thu, 18 Jul 2024 08:53:35 GMT
Connection: keep-alive

14.139.85.170/evaluation/hms/student/index.php

14.139.85.170

200 OK

5.1 kB

URL User Request GET HTTP/1.1
14.139.85.170/evaluation/hms/student/index.php
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
5.1 kB (5105 bytes)
Hash
5e2c76851a2f551febaae556106f29c6
aed4b15911b4f2f712ec8b1192310426d0857bce
2754cf710087f842dc5ed1f9f48b5006045dbc38d0a38b44553cbca884055506

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/index.php HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:28 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
X-Powered-By: PHP/5.4.7
Set-Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 5105
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

fonts.googleapis.com/css?family=Lato:300,400,400italic,600,700|Raleway:300,400,500,600,700|Crete+Round:400italic

142.250.74.106

200 OK

828 B

URL GET HTTP/1.1
fonts.googleapis.com/css?family=Lato:300,400,400italic,600,700|Raleway:300,400,500,600,700|Crete+Round:400italic
IP
142.250.74.106:80
ASN
#15169 GOOGLE

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
ASCII text
Size
828 B (828 bytes)
Hash
6a60e36f9ae6139dd4ef8218992a6e0f
733477fe36f07142ad2e66bd08573efba7e34d46
7bd2b0e822e5c9bbb021e6f5a096236d51f256a94fcea9383d2db564a3a5a572

HTTP Headers

GET /css?family=Lato:300,400,400italic,600,700|Raleway:300,400,500,600,700|Crete+Round:400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Thu, 18 Jul 2024 08:53:37 GMT
Date: Thu, 18 Jul 2024 08:53:37 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c5fe3e5860e9afb843ae32b8f349f4c7
78e8faf3194e82bcb4fed0d89bd1989501dd8d2a
806921e95846539e7849756068c5afcd2fb93d1ccbb7604b5d8d18805538faf5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "806921E95846539E7849756068C5AFCD2FB93D1CCBB7604B5D8D18805538FAF5"
Last-Modified: Mon, 15 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7038
Expires: Thu, 18 Jul 2024 10:50:55 GMT
Date: Thu, 18 Jul 2024 08:53:37 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c5fe3e5860e9afb843ae32b8f349f4c7
78e8faf3194e82bcb4fed0d89bd1989501dd8d2a
806921e95846539e7849756068c5afcd2fb93d1ccbb7604b5d8d18805538faf5

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "806921E95846539E7849756068C5AFCD2FB93D1CCBB7604B5D8D18805538FAF5"
Last-Modified: Mon, 15 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7038
Expires: Thu, 18 Jul 2024 10:50:55 GMT
Date: Thu, 18 Jul 2024 08:53:37 GMT
Connection: keep-alive

14.139.85.170/evaluation/hms/student/vendor/perfect-scrollbar/perfect-scrollbar.min.css

14.139.85.170

200 OK

3.6 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/vendor/perfect-scrollbar/perfect-scrollbar.min.css
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
ASCII text, with very long lines (3463)
Size
3.6 kB (3597 bytes)
Hash
f1d8efd512ea934a7ae0f912d1dbab9c
f950210a5afb5cc28732320a156e27921e5b6801
bba02ab575ba3c6258cba0eb8b9101257d82f4fdd264c1cad102244d71bf1524

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/perfect-scrollbar/perfect-scrollbar.min.css HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:28 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:11:44 GMT
ETag: "e0d-544b02aa5e000"
Accept-Ranges: bytes
Content-Length: 3597
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

14.139.85.170/evaluation/hms/student/vendor/themify-icons/themify-icons.min.css

14.139.85.170

14 kB

URL
14.139.85.170/evaluation/hms/student/vendor/themify-icons/themify-icons.min.css
IP
14.139.85.170:0
ASN
#55824 NKN Core Network

File type
ASCII text, with very long lines (13847), with no line terminators
Size
14 kB (13847 bytes)
Hash
b3c22e9d656af05e7a728d7ce356b5bb
ded9f3a9400a67e398f5c8b128d8b3d1aa1d5456
b5424a405171cc62f0b4cee073f45d5478d7d34d24ace40e1fc5561aa3171baf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/themify-icons/themify-icons.min.css HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:28 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:11:56 GMT
ETag: "3617-544b02b5cfb00"
Accept-Ranges: bytes
Content-Length: 13847
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

14.139.85.170/evaluation/hms/student/vendor/switchery/switchery.min.css

14.139.85.170

200 OK

682 B

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/vendor/switchery/switchery.min.css
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
ASCII text, with very long lines (682), with no line terminators
Size
682 B (682 bytes)
Hash
3d5c5f2d195cad6c3658bec52095df6b
31db624af9fdc9411c1457353cb2d0e018a73fc7
da426bd59d02d72e73d239e1aff982bb8e89dd1e94b9dfaa0901c0dfd8b5798a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/switchery/switchery.min.css HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:28 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:11:56 GMT
ETag: "2aa-544b02b5cfb00"
Accept-Ranges: bytes
Content-Length: 682
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

14.139.85.170/evaluation/hms/student/vendor/fontawesome/css/font-awesome.min.css

14.139.85.170

24 kB

URL
14.139.85.170/evaluation/hms/student/vendor/fontawesome/css/font-awesome.min.css
IP
14.139.85.170:0
ASN
#55824 NKN Core Network

File type
ASCII text, with very long lines (23577)
Size
24 kB (23739 bytes)
Hash
04425bbdc6243fc6e54bf8984fe50330
8c15c6bd82c71e9ef1bb11cf24e502fe07518ac5
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/fontawesome/css/font-awesome.min.css HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:28 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:10:08 GMT
ETag: "5cbb-544b024ed0800"
Accept-Ranges: bytes
Content-Length: 23739
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

14.139.85.170/evaluation/hms/student/assets/css/plugins.css

14.139.85.170

200 OK

15 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/assets/css/plugins.css
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
assembler source, ASCII text, with CRLF line terminators
Size
15 kB (15391 bytes)
Hash
c3739bb9ecd59186d0cd980a5816d19f
7a6759f0f80ceebd5079b0ee0cde6e82c11a0b95
fcd580de29dce0d04a2859aabb2e73917b961473d47bc2ebeb15381b1253b7c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/assets/css/plugins.css HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:29 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:08:54 GMT
ETag: "3c1f-544b02083e180"
Accept-Ranges: bytes
Content-Length: 15391
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

14.139.85.170/evaluation/hms/student/assets/css/themes/theme-1.css

14.139.85.170

12 kB

URL
14.139.85.170/evaluation/hms/student/assets/css/themes/theme-1.css
IP
14.139.85.170:0
ASN
#55824 NKN Core Network

File type
ASCII text, with CRLF line terminators
Size
12 kB (11738 bytes)
Hash
eea67fd46b98897227aad997c93fa6e2
d4194726670a886b0fdf1bf1e3b6b5fc969a1926
0d3fab8783ca159660d0d955b2e871fca631297aef949470d42c72737e950f0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/assets/css/themes/theme-1.css HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:29 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:08:54 GMT
ETag: "2dda-544b02083e180"
Accept-Ranges: bytes
Content-Length: 11738
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

14.139.85.170/evaluation/hms/student/vendor/animate.css/animate.min.css

14.139.85.170

200 OK

53 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/vendor/animate.css/animate.min.css
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
ASCII text, with very long lines (53270)
Size
53 kB (53431 bytes)
Hash
55009d64191e6f9e712a841773ee6611
5f120f4be43d67152bf4bd8f63cca0e027d25a57
b48f9a7031474a0f73f92f2e6cbbfad730b5466cda96d86a4459c06efc986173

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/animate.css/animate.min.css HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:28 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:09:02 GMT
ETag: "d0b7-544b020fdf380"
Accept-Ranges: bytes
Content-Length: 53431
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

14.139.85.170/evaluation/hms/student/vendor/modernizr/modernizr.js

14.139.85.170

200 OK

9.3 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/vendor/modernizr/modernizr.js
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
JavaScript source, ASCII text, with very long lines (8634), with CRLF line terminators
Size
9.3 kB (9281 bytes)
Hash
0f5354dad5962fbf75dbca6acd279f31
b2633f308ecd271e35a31e0e8b1d93570320dba9
0bc21d537e9a144305487027daab56d5de191acde5617e6d8be2fd2d7314bb56

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/modernizr/modernizr.js HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:29 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:11:12 GMT
ETag: "2441-544b028bd9800"
Accept-Ranges: bytes
Content-Length: 9281
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

14.139.85.170/evaluation/hms/student/vendor/jquery-cookie/jquery.cookie.js

14.139.85.170

200 OK

3.1 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/vendor/jquery-cookie/jquery.cookie.js
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
JavaScript source, ASCII text
Size
3.1 kB (3128 bytes)
Hash
34259e1b3697ec38ec1ad00f29c64305
351604db63ee52e784bbbbaa1f9d77c73620972f
5dcc1f650548dab92380f10aee2a8c4c878ece063b5d4201c1205b3a343f9a8b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/jquery-cookie/jquery.cookie.js HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:29 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:10:32 GMT
ETag: "c38-544b0265b3e00"
Accept-Ranges: bytes
Content-Length: 3128
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

14.139.85.170/evaluation/hms/student/vendor/perfect-scrollbar/perfect-scrollbar.min.js

14.139.85.170

200 OK

9.5 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/vendor/perfect-scrollbar/perfect-scrollbar.min.js
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
JavaScript source, ASCII text, with very long lines (9363)
Size
9.5 kB (9496 bytes)
Hash
61599fe1fcd25312aaec6dcbf41838ea
74a9e6577a9fba4463148948e03dd70eb9853863
0a31c7f435826b0c167f1a6a62e90a00ee1aea89e349cf52fe092ae46ae5f91d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/perfect-scrollbar/perfect-scrollbar.min.js HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:29 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:11:46 GMT
ETag: "2518-544b02ac46480"
Accept-Ranges: bytes
Content-Length: 9496
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript

14.139.85.170/evaluation/hms/student/vendor/bootstrap/css/bootstrap.min.css

14.139.85.170

200 OK

114 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/vendor/bootstrap/css/bootstrap.min.css
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
ASCII text, with very long lines (65371)
Size
114 kB (113498 bytes)
Hash
3ab3438f85ad9f9e27e1af1facf0a9c4
8bec1bba3e23ecba22cffb197a2d440af410b15d
d699f303990ce9bd7d7c97e9bd3cad6a46ecf2532f475cf22ae58213237821b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:28 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:09:04 GMT
ETag: "1bb5a-544b0211c7800"
Accept-Ranges: bytes
Content-Length: 113498
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

14.139.85.170/evaluation/hms/student/assets/js/main.js

14.139.85.170

200 OK

15 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/assets/js/main.js
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
15 kB (14833 bytes)
Hash
7bedae02e1efb2b7a3cec4db3dfd4052
118e41d8ca78bb10ea7c99b5ecf10bb41d585589
2991988178c78a759aa527259bb5c2041b75004e5745cc4640dbd2282059a8db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/assets/js/main.js HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:29 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:08:58 GMT
ETag: "39f1-544b020c0ea80"
Accept-Ranges: bytes
Content-Length: 14833
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

14.139.85.170/evaluation/hms/student/assets/js/login.js

14.139.85.170

200 OK

3.6 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/assets/js/login.js
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
3.6 kB (3635 bytes)
Hash
5d9f54ce5dd26a5ea731a1e15705afea
ab1061ffde53e0f5679dbd436f0bd4b08fefd3aa
acd66521e5b1a20fe06e1e007f3b12924736c3c06cc5c22a990d24d07f916051

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/assets/js/login.js HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:30 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:08:58 GMT
ETag: "e33-544b020c0ea80"
Accept-Ranges: bytes
Content-Length: 3635
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

14.139.85.170/evaluation/hms/student/vendor/jquery-validation/jquery.validate.min.js

14.139.85.170

200 OK

22 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/vendor/jquery-validation/jquery.validate.min.js
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (21445)
Size
22 kB (21584 bytes)
Hash
d7342d64b483db4cdc836047765c07f3
e1085fb6185d0c47ccd1f202d197ba626f017e15
f0f5373ad203101ea91bf826c5a7ef8f7cd74887f06bad2cb9277a504503b9e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/jquery-validation/jquery.validate.min.js HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:29 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:10:42 GMT
ETag: "5450-544b026f3d480"
Accept-Ranges: bytes
Content-Length: 21584
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript

14.139.85.170/evaluation/hms/student/vendor/bootstrap/js/bootstrap.min.js

14.139.85.170

36 kB

URL
14.139.85.170/evaluation/hms/student/vendor/bootstrap/js/bootstrap.min.js
IP
14.139.85.170:0
ASN
#55824 NKN Core Network

File type
JavaScript source, ASCII text, with very long lines (32087)
Size
36 kB (35601 bytes)
Hash
2616d3564578d8f845813483352802a9
5ada7c103fc1deabc925cc1fdbbb6e451c21fc70
f971b901aeb9e55b07d472afee09bd5ae05159e1119dbd16d993e473565e7fc0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:29 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:09:04 GMT
ETag: "8b11-544b0211c7800"
Accept-Ranges: bytes
Content-Length: 35601
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

14.139.85.170/evaluation/hms/student/vendor/switchery/switchery.min.js

14.139.85.170

20 kB

URL
14.139.85.170/evaluation/hms/student/vendor/switchery/switchery.min.js
IP
14.139.85.170:0
ASN
#55824 NKN Core Network

File type
JavaScript source, ASCII text, with very long lines (19975), with no line terminators
Size
20 kB (19975 bytes)
Hash
e012dd16761095fa06f0c4d59c43517c
9b850cb5a20518a748bf1b65d102a8997ebd8ec6
7c997ee0c7f33415d86d84761983df8e82dd9f003b88f1353e5e99f0fbb89b4b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/switchery/switchery.min.js HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:29 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:11:56 GMT
ETag: "4e07-544b02b5cfb00"
Accept-Ranges: bytes
Content-Length: 19975
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript

14.139.85.170/evaluation/hms/student/assets/css/styles.css

14.139.85.170

200 OK

297 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/assets/css/styles.css
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
assembler source, ASCII text, with CRLF line terminators
Size
297 kB (296821 bytes)
Hash
24e3df6ed0839647b67c08070530c8a6
8791fd2a265b43d0619df738b22e2aedec9f7329
5815c5db3567a38975e0d69a3079ad76e56a0b92d83a0580a5b015de53bcdbe6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/assets/css/styles.css HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:29 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:08:54 GMT
ETag: "48775-544b02083e180"
Accept-Ranges: bytes
Content-Length: 296821
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css

fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyC0ITw.woff2

142.250.74.163

48 kB

URL
fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyC0ITw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 48336, version 1.0
Size
48 kB (48336 bytes)
Hash
bfe7ad4aa54cff8909b2d7632073cc30
7c2e625bea4d449ca78cde09ab59dc6c9cb4726f
47d477915fa5912616e2dc5df8c5780f9202671678cf275472bd39f3381c0098

HTTP Headers

GET /s/raleway/v34/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://14.139.85.170
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 48336
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 17 Jul 2024 13:47:43 GMT
Expires: Thu, 17 Jul 2025 13:47:43 GMT
Cache-Control: public, max-age=31536000
Age: 68756
Last-Modified: Wed, 01 May 2024 20:31:48 GMT
Content-Type: font/woff2

fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

142.250.74.163

24 kB

URL
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23580, version 1.0
Size
24 kB (23580 bytes)
Hash
e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://14.139.85.170
DNT: 1
Connection: keep-alive
Referer: http://fonts.googleapis.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 23580
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Wed, 17 Jul 2024 12:08:33 GMT
Expires: Thu, 17 Jul 2025 12:08:33 GMT
Cache-Control: public, max-age=31536000
Age: 74706
Last-Modified: Tue, 02 May 2023 15:17:22 GMT
Content-Type: font/woff2

14.139.85.170/evaluation/hms/student/vendor/jquery/jquery.min.js

14.139.85.170

200 OK

96 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/vendor/jquery/jquery.min.js
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
JavaScript source, ASCII text, with very long lines (32341), with CRLF line terminators
Size
96 kB (96385 bytes)
Hash
eaec1712551cd2792f4607f39fab12e7
2439711705752fac5dd1a6a8d6b1be63ffcbc76d
746e54e89161118a67bd59103c4ab55e3060735cc85c1d047c2cf04d4b12043d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/jquery/jquery.min.js HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:29 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:10:32 GMT
ETag: "17881-544b0265b3e00"
Accept-Ranges: bytes
Content-Length: 96385
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

14.139.85.170/evaluation/hms/student/vendor/fontawesome/fonts/fontawesome-webfont.woff2?v=4.3.0

14.139.85.170

200 OK

57 kB

URL GET HTTP/1.1
14.139.85.170/evaluation/hms/student/vendor/fontawesome/fonts/fontawesome-webfont.woff2?v=4.3.0
IP
14.139.85.170:80
ASN
#55824 NKN Core Network

Requested by
http://14.139.85.170/evaluation/hms/student/index.php

File type
Web Open Font Format (Version 2), TrueType, length 56780, version 4.197
Size
57 kB (56780 bytes)
Hash
97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /evaluation/hms/student/vendor/fontawesome/fonts/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/vendor/fontawesome/css/font-awesome.min.css
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:31 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Wed, 28 Dec 2016 04:10:12 GMT
ETag: "ddcc-544b0252a1100"
Accept-Ranges: bytes
Content-Length: 56780
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

14.139.85.170/favicon.ico

14.139.85.170

7.8 kB

URL
14.139.85.170/favicon.ico
IP
14.139.85.170:0
ASN
#55824 NKN Core Network

File type
MS Windows icon resource - 4 icons, 32x32, 8 bits/pixel, 16x16, 8 bits/pixel
Size
7.8 kB (7782 bytes)
Hash
3bd2ec61324ad4d27cb7b0f484cd4289
405ee999603634be685ce248415ca5e24796109f
e92fc5d184a1bf1fde87a8af6b03d31c758a27f15713cc0d321d7a8237334d36

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 14.139.85.170
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://14.139.85.170/evaluation/hms/student/index.php
Cookie: PHPSESSID=pmnc780tp914v4pnsojk803643
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Jul 2024 08:53:31 GMT
Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7
Last-Modified: Mon, 16 Apr 2012 15:30:18 GMT
ETag: "1e66-4bdcd7fdd5680"
Accept-Ranges: bytes
Content-Length: 7782
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/x-icon

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by